by Connie Sadler, Dir. of IT Security, CIS

Your Laptop Computer: 1) Secure It or 2) Consider a Career Change!

Wow! Sound harsh? Are those the only options? They could be – depending on what kind of information you’re storing on that portable hard drive!

If you use a laptop or other portable device to store confidential information, you should know that there are a lot of evil-doers out there who no longer care as much about the laptop itself as they do about the information that might be on it. Losing confidential data can lead to a loss of your job.

Everybody looks for a scapegoat. Right or wrong, it’s the nature of organizations to look for the weak links when things go wrong, and organization leaders typically look for ways to eliminate the weak links. “Take all necessary precautions to protect my laptop” should be at the top of your “Secure My Confidential Information” to-do checklist, so that you don’t need to add “Replace my stolen laptop” and “Find another job.”

Here are some tips to avoid that worst-case scenario:

1. Never leave a laptop or other electronic portable device where it can be stolen. Opportunists regularly stroll through unattended office areas, airports, hotels, and other publicly accessible locations looking for opportunities to grab a device or some media quickly. Don’t enable opportunists! There are inexpensive but effective cable systems that can be purchased at the Brown Computer Store.


2. Never store valued data on a workstation of any kind. Leave it on a professionally managed central server with responsible system administrators looking out for it.


3. Never, EVER store confidential information on a laptop or portable device unless there is no other choice. If someone steals my hardware, I may have to replace the hardware, but at least I won’t have to worry about law enforcement, government regulators, employers and customer lawsuits.
   
   a. If (and ONLY IF) you must temporarily store confidential information on a portable device, do it only with permission. Never take work data home or anywhere else unless the owner of the information knows where it’s going and how it will be protected all along the journey.
   
   b. Protection of confidential information on a portable device cannot be ensured without the use of strong encryption. So if you must temporarily store data on your laptop, USB drive, etc., and if you now have permission from the data owner, the next step is to make sure that the information is properly encrypted. And don’t forget to use strong passphrases! If you don’t know how to do this, ask questions. Find out! The CyberAngel ™ is one option that can be purchased at the Brown Computer Store. CyberAngel will find my stolen laptop and return it (in 80% of the cases), and will also provide me with a secure storage area for my confidential data.
   
   
4. Be aware. Think like the bad guys. If you wanted to steal the data on your own laptop, how would YOU do it? This kind of “defensive thinking” will go a long way towards keeping your data – and your job – safe!


5. Be proactive. If you have questions about how to protect Brown Confidential Information, contact Brown’s IT Security Office at ITSecurity@Brown.edu. Also review Guidelines for Safeguarding Information at http://www.brown.edu/cis/policy.

Bottom line:
If you want to avoid being a central figure in a serious data breach, don’t copy and store confidential data! Leave it where it belongs – in the hands of the pros – and let them help you to access it in a secure manner, whether at work, at home or on the road!